Vulnerability CVE-2007-3021

Vulnerability CVE-2007-3021

Published: 2007-06-05 Modified: 2012-02-12

Description:

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Symantec -> Client security
Symantec -> Norton antivirus
Symantec -> Reporting server

References:

http://www.symantec.com/avcenter/security/Content/2007.06.05a.html

http://www.vupen.com/english/advisories/2007/2074

http://xforce.iss.net/xforce/xfdb/34744

http://www.securitytracker.com/id?1018196

http://www.securityfocus.com/bid/24313

http://secunia.com/advisories/25543

Copyright 2024, cxsecurity.com